Yogita Urade 450857b441 qemu: fix CVE-2024-3447 ...

A heap-based buffer overflow was found in the SDHCI device
emulation of QEMU. The bug is triggered when both
`s->data_count` and the size of `s->fifo_buffer` are set to
0x200, leading to an out-of-bound access. A malicious guest
could use this flaw to crash the QEMU process on the host,
resulting in a denial of service condition.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3447

Upstream patch:
2429cb7a9f

(From OE-Core rev: 01d7ac9244364b7f89cd2f99fff11c2417bcad03)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-12-09 07:54:03 -08:00

..

qemu

qemu: fix CVE-2024-3447

2024-12-09 07:54:03 -08:00

qemu-helper

qemu-helper-native: Correctly pass program name as argv[0]

2022-12-01 19:35:05 +00:00

nativesdk-qemu-helper_1.0.bb

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

qemu_6.2.0.bb

qemu: Fix slirp determinism issue

2022-07-25 15:11:45 +01:00

qemu-helper-native_1.0.bb

qemu-helper-native: Re-write bridge helper as C program

2022-12-01 19:35:05 +00:00

qemu-native_6.2.0.bb

qemu: Upgrade 6.1.0 -> 6.2.0

2021-12-20 15:29:01 +00:00

qemu-native.inc

qemu: replace a gtk wrapper with directly setting environment from runqemu

2022-02-07 10:08:59 +00:00

qemu-system-native_6.2.0.bb

qemu: Fix slirp determinism issue

2022-07-25 15:11:45 +01:00

qemu-targets.inc

qemu: Enable ppc64le support for qemu-usermode

2020-01-22 15:56:14 +00:00

qemu.inc

qemu: fix CVE-2024-3447

2024-12-09 07:54:03 -08:00

qemuwrapper-cross_1.0.bb

sstatesig: Add processing for full build paths in sysroot files

2021-10-04 15:03:53 +01:00